This topic describes the release notes for Security Center and provides links to the relevant references.
May 2025
Feature | Category | Description | Affected editions | Release date | References |
Overview page | Iteration |
| All editions | 2025-05-08 |
April 2025
Feature | Category | Description | Affected editions | Release date | References |
Anti-ransomware | Iteration | The anti-ransomware policies for databases support selecting instances. | Editions for which the anti-ransomware feature is enabled | 2025-04-29 | |
Cloud security posture management (CSPM) | Iteration | Cloud service configuration check supports custom check items. | Editions for which the CSPM feature is purchased. | 2025-04-25 | |
Multi-cloud asset acces | New | Security Center supports adding Volcano Engine assets. | All editions | 2025-04-02 |
March 2025
Feature | Category | Description | Affected editions | Release date | References |
Baseline check | Iteration | The feature entry is moved to the tab in the Security Center console. | Advanced, Enterprise, and Ultimate | 2025-03-31 | |
Asset fingerprints | New | The asset fingerprint feature supports collecting AI component information. | Enterprise and Ultimate | 2025-03-31 | |
Asset exposure analysis | New | The asset exposure analysis feature supports identifying the exposure of AI services on servers. | Enterprise and Edition | 2025-03-31 | |
Vulnerability management | New | The vulnerability management feature supports detecting vulnerabilities in AI applications. | Enterprise and Ultimate | 2025-03-31 | |
Container image scan | New | The container image scan feature can tag images deployed by the Elastic Algorithm Service (EAS) of the Platform for AI (PAI) and detect plaintext sensitive information in AI API calls, such as Alibaba Cloud Model Studio API keys. | Editions for which the container image scan feature is purchased | 2025-03-31 | |
Agentless detection | New | The agentless detection feature supports identifying plaintext sensitive information in AI API calls, such as tokens of Alibaba Cloud PAI-EAS services. | Editions for which the agentless detection feature is purchased with pay-as-you-go | 2025-03-31 | |
CSPM | Iteration | The cloud service configuration check feature adds AI configuration management (AI-SPM) check items. | Editions for which the CSPM feature is purchased or enabled. | 2025-03-31 | |
The cloud service configuration check feature adds Kubernetes Security Posture Management (KSPM) check items. | Editions for which the CSPM feature is purchased or enabled. | 2025-03-27 | |||
Log management | Discontinued | Security Center no longer supports delivering and storing network logs by using the log analysis feature or the log management feature of Cloud Threat Detection and Response (CTDR). | Editions for which the log storage capacity for log analysis or CTDR is purchased. | 2025-03-27 | |
Brute-force attack protection | Iteration | Security Center adds configuration items for SQL Server brute-force attacks to reduce the risk of database intrusions. | Advanced, Enterprise, and Ultimate | 2025-03-14 | |
Host and container security | Iteration | Supports a pay-as-you-go billing method, enabling you to bind different Security Center editions to your servers for a more flexible security solution. | All editions | 2025-03-14 | |
Terraform | Iteration | The Terraform documentation is updated to support creating CTDR modules. | All editions | 2025-03-06 |
February 2025
Feature | Category | Description | Affected editions | Release date | References |
Security control | Discontinued | The security control feature is discontinued in the Other Settings. | All editions | 2025-02-14 |
January 2025
Feature | Category | Description | Affected editions | Release date | References |
Multi-cloud asset acces | Iteration | Multi-cloud asset access now supports configuring account names to differentiate assets from different accounts of the same third-party cloud provider. | All editions | 2025-01-12 | |
Cloud Threat Detection and Response (CTDR) | Iteration | To avoid adding logs without value, when assessing whether to adopt the recommended log policy for ActionTrail logs, Security Center considers whether you have purchased a paid edition (Anti-virus, Advanced, Enterprise, or Ultimate). Without a paid edition, ActionTrail logs will not be automatically added, even with the recommended CTDR log policy enabled. | Security Center editions for which the CTDR feature is enabled | 2025-01-12 | |
Serverless asset protection | Iteration | Supports protecting Alibaba Cloud Container Compute Service (ACS) assets. | Security Center editions for which the serverless asset protection feature is enabled based on the pay-as-you-go billing method | 2025-01-09 | |
Agent status | Iteration | The Security Center agent status now includes Agent Offline, Server Shutdown, and Agent Uninstalled. | All editions | 2025-01-07 | |
Application protection | Iteration | Resource statistics now support counting the number of PHP applications. | Security Center editions for which the quota for the application protection feature is purchased | 2025-01-07 | |
Container security | Iteration | Supports protecting Intelligent Computing LINGJUN assets. | Ultimate | 2025-01-02 |
December 2024
Feature | Category | Description | Affected editions | Release date | References |
CTDR | Iteration | When enabling CTDR based on the pay-as-you-go method, you can select the recommended log access policy. After selecting the recommended policy, the system automatically adds 14 types of logs from Alibaba Cloud Security Center, Web Application Firewall (WAF), Cloud Firewall, and ActionTrail. | Security Center editions for which the CTDR feature is enabled | 2024-12-27 | |
Anti-ransomware | Iteration | The regions supported by anti-ransomware for servers now include China (Ulanqab), China (Heyuan), and China (Guangzhou). | Security Center editions for which the anti-ransomware feature is enabled | 2024-12-20 | |
Agentless detection | Iteration | Agentless detection supports incremental detection for custom images. | Security Center editions for which the agentless detection feature is enabled based on the pay-as-you-go billing method | 2024-12-20 | |
Agentless detection supports handling malicious samples and sensitive files. | |||||
Malicious file detection SDK | Iteration | In OSS file detection, the size limit for a single file in a detection task is increased to 500 MB. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-12-18 | |
Billing | Iteration | CTDR now supports the pay-as-you-go billing method, enabling capabilities such as adding services, handling events, security alerting, and orchestration response. | All editions | 2024-12-13 | |
Billing | Iteration | Security Center instances can now be switched from full protection mode to partial protection mode. This allows you to specify servers for protection and use more flexible billing and protection policies. | All paid editions | 2024-12-12 | [Notice] Full protection mode upgraded to partial protection mode |
CSPM | Iteration | Configuration assessment is renamed to Cloud security posture management (CSPM). | Security Center editions for which the CSPM feature is enabled | 2024-12-10 | |
Application protection | New | Protection for PHP applications is supported. | Security Center editions for which the quota for the application protection feature is purchased | 2024-12-06 | |
Baseline check | Iteration | Baseline check adds operational metrics. | Advanced, Enterprise, and Ultimate | 2024-12-03 |
November 2024
Feature | Category | Description | Affected editions | Release date | References |
Container image scan | Iteration | Information on sensitive files detected by the container image scan feature can now be exported. The exported information includes image versions and repository names. | Security Center editions for which the container image scan feature is enabled | 2024-11-21 | |
CI/CD integration settings | Iteration | The documentation for Jenkins Freestyle and Pipeline Projects is optimized to include detailed steps and screenshots for installing plugins and configuring image scans. | Ultimate | 2024-11-19 | |
Configuration assessment | Iteration | The attack path analysis feature is added, which performs comprehensive scans and analyses of access paths between Alibaba Cloud services, such as those where a RAM role assigned to an ECS instance controls OSS buckets, and provides visualized scan results. | Security Center editions for which the configuration assessment feature is enabled | 2024-11-19 | |
CTDR | Iteration | The recommended log access policy for CTDR is adjusted to add 14 types of logs from Alibaba Cloud Security Center, Web Application Firewall (WAF), Cloud Firewall, and ActionTrail. | Security Center editions for which the CTDR feature is enabled | 2024-11-15 | |
Anti-ransomware | Iteration | Anti-ransomware for databases supports viewing backup jobs. | Security Center editions for which the anti-ransomware feature is enabled | 2024-11-15 | |
Anti-ransomware supports backing up data of Rocky Linux systems. | Security Center editions for which the anti-ransomware feature is enabled | 2024-11-13 | |||
Billing | Iteration | Supports enabling CTDR in the subscription biling method using Terraform. | All editions | 2024-11-04 |
October 2024
Feature | Category | Description | Affected edition | Release date | References |
Container microsegmentation | Iteration | Container firewall is renamed to container microsegmentation. | Ultimate | 2024-10-31 | |
Container image scan | Iteration | GitLab image repository can be scanned. | Ultimate | 2024-10-31 | |
Container | Iteration | GitLab image repository is added. | Ultimate | 2024-10-31 | |
Anti-ransomware | Iteration | The option to exclude non-local mount path is added to the anti-ransomware policy for servers. | Security Center editions for which the anti-ransomware feature is enabled | 2024-10-30 | |
Application protection | Iteration | Whitelist can be configured to limit access to Runtime Application Self-protection (RASP). | Security Center editions for which the quota for the application protection feature is purchased | 2024-10-30 | |
CTDR | Iteration | Alerts generated by Cloud Workload Protect Platform (CWPP) and CTDR are merged onto one page. | All editions | 2024-10-24 | |
Defense against brute-force attacks | Iteration | Security Center Advanced edition now supports installing the alinet plug-in to improve the protection effectiveness of the feature. You can also use the cloud dynamic defense model to strengthen the security system. | Advanced | 2024-10-24 | [Notice] Updated Defense Against Brute-force Attacks of Security Center |
Application protection | Iteration | The manual access for containers is upgraded, and the custom installation of RASP agent is supported. | Security Center editions for which the quota for the application protection feature is purchased | 2024-10-21 | |
Core file monitoring | Iteration | Windows servers can be monitored. | Enterprise and Ultimate | 2024-10-16 | |
Proactive defense for containers | Iteration | Limits on container image are added to activate rules for non-image program defense. | Ultimate | 2024-10-16 | |
Log analysis | Iteration | Core file monitoring event logs are supported for delivery and storage. | Enterprise and Ultimate | 2024-10-15 | |
Anti-ransomware | Iteration | Anti-ransomware for databases now supports backing up data from MySQL 8.0. | Security Center editions for which the anti-ransomware feature is enabled | 2024-10-11 | |
Agentless detection | Iteration | Servers in the China (Chengdu) region are supported for the agentless detection feature. | Security Center editions for which the agentless detection feature is enabled based on the pay-as-you-go billing method | 2024-10-09 |
September 2024
Feature | Category | Description | Affected edition | Release date | References |
Serverless Asset Protection | Iteration | Security assessment is supported across the Serverless App Engine (SAE) products. | Security Center editions for which the serverless asset protection feature is enabled by using the pay-as-you-go billing method | 2024-09-30 | |
Asset Exposure Analysis | Iteration | ApsaraDB RDS, Tair (Redis OSS-compatible), and ApsaraDB for MongoDB are added to the supported asset types for detection. | Enterprise and Ultimate | 2024-09-27 | |
CTDR | Iteration | The attack timeline tab on the security event details page is optimized to include timeline cards that feature alerts and log evidence, as well as the source tracing diagram of the event. This upgrade supports automated tracing of suspicious attack paths. The tracing diagram includes many topics such as alerts, logs, vulnerabilities, baselines, assets, and entities, with options to view detailed information. | Security Center editions for which the CTDR feature is enabled | 2024-09-24 | |
Iteration | To enhance the user experience of log management feature of CTDR, Security Center ends the public preview of the cold data storage solution, and unpublishes the solution. | 2024-09-12 | [Notice] Public preview of the cold data storage feature of CTDR ends and the feature is unpublished | ||
Multi-cloud Configuration Management | Iteration | The process for adding multi-cloud assets to Security Center is optimized. When an Azure asset is added, the SubscriptionId configuration is no longer required. | All editions | 2024-09-05 |
August 2024
Feature | Category | Description | Affected edition | Release date | References |
CTDR | Iteration | New basic orchestration group aliyuncloudOpenAPI is added. | Security Center editions for which the CTDR feature is enabled | 2024-08-30 | |
Iteration | Logs of the third-party cloud service providers such as Chaitin WAF and FortiGate Firewall can be added to the CTDR feature. | Security Center editions for which the CTDR feature is enabled | 2024-08-20 | ||
Application protection | Iteration | Runtime circuit breaking feature is available. | Security Center editions for which the application protection feature is enabled | 2024-08-19 | |
Configuration assessment | Iteration |
| Security Center editions for which the configuration assessment feature is enabled | 2024-08-19 | |
Application protection | Iteration | AI-powered analysis of attack alerts and in-memory webshell detection alerts is available to provide detailed explanations and reasoning. | Security Center editions for which the application protection feature is enabled | 2024-08-16 | |
Configuration assessment | Iteration |
| All editions | 2024-08-02 | |
Serverless asset protection | Iteration |
| All editions | 2024-08-02 | |
Application protection | Iteration | A toggle for decompiling Java files is available on the details page of the in-memory webshell detection alerts. | Security Center editions for which the application protection feature is enabled | 2024-08-01 | |
Log analysis | Iteration | V2.0 log dictionaries are released and the upgrade from V1.0 log dictionaries to V2.0 is available. | Security Center editions for which the log analysis feature is enabled | 2024-08-01 |
July 2024
Feature | Category | Description | Affected edition | Release date | References |
SDK for malicious file detection | Iteration | SDK for malicious file detection can decrypt and check OSS objects that are encrypted by using a server-side encryption method. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-07-26 | |
Agentless detection | Iteration | Agentless detection enables the snapshot feature and the image check feature. | Security Center editions for which the agentless detection feature is enabled based on the pay-as-you-go billing method | 2024-07-08 | |
CTDR | Iteration | SOAR playbook can be copied. | Security Center editions for which the CTDR feature is enabled | 2024-07-03 | |
Core file monitoring | Iteration | The best practice document for configuring the core file monitoring feature is added. The document describes the configurations of monitoring rules and provides examples. | Enterprise and Ultimate | 2024-07-01 | Best practices for configuring the core file monitoring feature |
June 2024
Feature | Category | Description | Affected edition | Release date | References |
SDK for malicious file detection | Iteration | The results of malicious file detection that is performed by calling API operations are displayed in the list of at-risk files in the Security Center console. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-06-28 | |
Malicious file detection logs can be delivered to the Logstore dedicated to Security Center. | |||||
DingTalk chatbots can be added to send notifications. You can receive real-time notifications of detected malicious files in the DingTalk group that you specify. | |||||
Vulnerability management | Iteration | The vulnerability management feature can be used to scan servers that use SUSE and Kylin operating systems for vulnerabilities. | All editions | 2024-06-20 | |
Application protection | Iteration |
| Security Center editions for which the quota for the application protection feature is purchased | 2024-06-19 | |
CTDR | Iteration | EdgeRoutine logs, access logs, and Web Application Firewall (WAF) logs of Dynamic Content Delivery Network (DCDN) can be added to the CTDR feature. The added logs are processed by using threat detection, event handling, Security Orchestration Automation Response (SOAR), and log storage capabilities. | Security Center editions for which the CTDR feature is enabled | 2024-06-19 | |
Baseline check | Iteration | Debian 10, Debian 11, Debian 12, and TencentOS Server 3.1 are supported by the baseline check feature. | Advanced, Enterprise, and Ultimate | 2024-06-19 | |
Iteration | The maximum size of a weak password file that you can upload is increased to 40 KB. | Advanced, Enterprise, and Ultimate | 2024-06-07 | ||
Installation of the Security Center agent | Iteration | Kylin V7 and Red Hat Enterprise Linux (RHEL) 9 are supported for the Security Center agent. | All editions | 2024-06-06 | |
Log analysis | Iteration | Agent event logs are supported for delivery and storage. | Security Center editions for which the log analysis feature is enabled | 2024-06-06 |
May 2024
Feature | Category | Description | Affected edition | Release date | References |
Container image scan | Iteration | The container image scan feature is supported for the China (Ulanqab) region. | Security Center editions for which the container image scan feature is enabled | 2024-05-31 | |
Container | Iteration | The risk detection results of a single image can be exported. | Ultimate | 2024-05-31 | |
Purchase | Iteration | When you purchase Security Center by using the subscription billing method, the Protected Servers and Cores parameters can be specified based on your business requirements. After you purchase Security Center, you can manage the quotas. | Anti-virus, Advanced, Enterprise, and Ultimate | 2024-05-30 | |
Alerts | Iteration | The Suspicious process - Suspicious command alert is renamed Suspicious process - Suspicious probe command. | Anti-virus, Advanced, Enterprise, and Ultimate | 2024-05-22 | |
Application protection | Iteration | The text in the panel for attack alert details is optimized. | Security Center editions for which the application protection feature is purchased | 2024-05-15 | |
SDK for malicious file detection | Iteration | The maximum size of a file that can be checked by the SDK for malicious file detection feature is increased from 20 MB to 100 MB. | Security Center editions for which the SDK for malicious file detection feature is purchased | 2024-05-14 | |
Configuration assessment | Iteration |
| Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-05-11 | |
CTDR | Iteration | The time picker and filter conditions on the Security Incident page are optimized. | Security Center editions for which the CTDR feature is enabled | 2024-05-09 |
April 2024
Feature | Category | Description | Affected edition | Release date | References |
CTDR | Iteration |
| Security Center editions for which the CTDR feature is enabled | 2024-04-26 | [Notice] Billing rules of Cloud Threat Detection and Response (CTDR) are changed |
Application protection | New | The in-memory webshell prevention feature is added to detect threats that are hidden in memory. | Security Center editions for which the application protection feature is enabled | 2024-04-17 | |
Configuration assessment | Iteration | Quick fixing is provided for more than 50 check items. | Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-04-17 | |
Anti-ransomware (bait capture) | Iteration | Linux servers are supported. | Advanced, Enterprise, and Ultimate | 2024-04-17 | |
Baseline check | Iteration | The baseline type of Center for Internet Security (CIS) compliance is renamed internationally agreed best practices for security. | Advanced, Enterprise, and Ultimate | 2024-04-11 | |
SDK for malicious file detection | Iteration | File packages can be decompressed for malicious file detection. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-04-11 | |
CTDR - Log management | New |
| Security Center editions for which the CTDR feature is enabled | 2024-04-02 | |
Configuration assessment | Iteration | In the Security Center console, Alibaba Cloud accounts on the China site (aliyun.com) can be used to perform checks related to Resource Access Management (RAM) only on assets that reside in regions in China, and Alibaba Cloud accounts on the international site (alibabacloud.com) can be used to perform RAM-related checks only on assets that reside in regions outside China. The historical scan results are retained in the regions of the assets. | Security Center editions for which the quota for the configuration assessment feature is purchased or the feature is enabled by using the pay-as-you-go billing method | 2024-04-01 |
March 2024
Feature | Category | Description | Affected edition | Release date | References |
CTDR | Iteration | The threat analysis feature is renamed CTDR. | Security Center editions for which the CTDR feature is enabled | 2024-03-29 | |
Container file protection | Iteration | A process whitelist and a file path whitelist can be configured during the creation of a rule for container file protection. | Ultimate | 2024-03-19 | |
SDK for malicious file detection | Iteration | Adware, cracking programs, and private game servers can be detected. | Security Center editions for which the SDK for malicious file detection feature is enabled | 2024-03-01 |
February 2024
Feature | Category | Description | Affected edition | Release date | References |
Core file monitoring | Iteration | Alert notifications by using DingTalk chatbots are supported for the core file monitoring feature. | Enterprise and Ultimate | 2024-02-23 | |
Baseline check | Iteration | Custom weak password rules can be added to existing weak password rules. | Advanced, Enterprise, and Ultimate | 2024-02-22 | |
Application protection | Iteration |
| Security Center editions for which the application protection feature is enabled | 2024-02-22 | |
Configuration assessment | Iteration | The pay-as-you-go billing method is supported. | All editions | 2024-02-19 | |
Agentless detection | Iteration | The agentless detection feature is available for commercial use and is no longer free of charge. If you have enabled this feature free of charge, you can use this feature free of charge until the end of the public preview on March 5, 2024. After the public preview ends, you must enable this feature by using the pay-as-you-go billing method to use this feature. | All editions | 2024-02-02 |
January 2024
Feature | Category | Description | Affected edition | Release date | References |
Security report | Iteration | The Security Report page in the Security Center console is optimized. | Advanced, Enterprise, and Ultimate | 2024-01-31 | |
Overview | Iteration | The content of the security information module is optimized. | All editions | 2024-01-29 | |
Risk governance | Iteration | The risk management module is renamed risk governance. | All editions | 2024-01-26 | None |
Configuration assessment | Iteration | If you do not purchase a quota for configuration assessment, 25 check items are provided free of charge. | All editions | 2024-01-19 | |
Vulnerability management | Iteration | The Show Only Exploitable Vulnerabilities feature is supported when you select Outside China as the region of the asset that you want to protect. | All editions | 2024-01-05 |
Security Center release notes
For release notes of Security Center earlier than 2024, see Release notes (earlier than 2024).